Keynote recap of Oracle CloudWorld 2022
If you’ve dismissed Oracle as a serious player in the cloud space, you may want to reconsider. Oracle CloudWorld’s keynote was very distinct from other recent cloud events in how Oracle is thinking about multi-cloud. Oracle’s roadmap will matter to cloud security practitioners regardless of your primary cloud provider.
After pandemic-related cancellations and delays, the cloud provider conferences are back. October saw Google and Microsoft schedule their events in the same week. The week after, Oracle held its Oracle CloudWorld event at the Sands Expo and Venetian hotel in Las Vegas (the same venue that holds the bulk of AWS re:Invent).
Oracle CloudWorld (OCW) looks to have embraced the pre-pandemic cloud conference experience. Following #OCW22 on Twitter, you could see attendees from around the world talking about the big show floor and the evening parties.
What made OCW22 newsworthy was Oracle Cloud Infrastructure (OCI) head Clay Magouyrk’s keynote address and their perspective on the multi-cloud ecosystem. As Clay put it: “We have to make it possible for people to use multiple clouds together”. This was a very different take than we’ve seen from AWS, Azure, and GCP.
The list of announcements and investments was more about what they did in the past year and what they’re planning to do in the near future, rather than new features available right away. He highlighted EU Sovereign Cloud, a dedicated and logically separate version of OCI that will be physically located in the EU and staffed and supported exclusively by EU citizens. EU Sovereign Cloud will launch next year.
He highlighted how they want to “Solve problems with the fewest number of services”. Oracle has only about 105 services, compared to AWS’s 227 products.
Most of their general product announcements were capabilities in Oracle Cloud that the other providers have had for a while:
- Serverless Kubernetes: Oracle’s managed Kubernetes service. Amazon has EKS, Azure has AKS, and Google has GKE and Anthos, so this is table stakes for any modern cloud provider.
- OCI Container Instances: A managed container platform. Similar to AWS Fargate.
- GPU Superclusters: Can support up to 20k GPUs and 13 Petabits per second of bandwidth across the cluster. Great for machine learning use cases.
- MongoDB Compatibility for Oracle DB: A Mongo adapter for Oracle. Point your existing application at an Oracle database and it just works.
- MySQL HeatWave Lakehouse: MySQL HeatWave with support for object storage. Lakehouse will support not just OCI object storage, but also AWS S3 and Azure Blob Storage.
- PostgreSQL Aries: A managed Postgres database with cloud-scale storage & resiliency. Basically Aurora in Oracle Cloud.
Oracle Dedicated Region
Oracle highlighted OCI Dedicated Region, an Oracle-managed installation of OCI in your data center. Oracle will provide hardware and software support, offering the same SLA as the public version of Oracle Cloud.
Unlike AWS Outposts, all 100+ OCI services are available within the Dedicated Region.
Oracle Alloy is a white-label OCI, allowing local resellers (which they call operators) “Complete infrastructure control” over the cloud services they sell.
Oracle’s take on the market is that regulations and national security concerns will require certain sensitive applications to be located and managed locally. This seems to be the generally accepted definition of a Sovereign Cloud.
Oracle Alloy will let the local reseller/operator control physical and logical access to the hardware and data. They can also layer on their own custom services. The reseller’s services will have the same SDK and CLI experience as the native Oracle services. However, the reseller will be able to modify the console experience's look and feel to match their branding and desired service offerings.
Alloy is similar to AWS's one-off arrangement to sell services in mainland China. AWS does not run the China partitions; they are run by local companies (presumably with the same government access and limitations that all operators in communist China have).
In general, countries are tightening regulations on data about their citizens. There are rules for where to store it, who can access it, and what level of access must be granted to law enforcement. Oracle Alloy has the potential to dramatically increase the number of cloud providers operating in different countries. This makes OCI a more interesting platform for multinational companies, who want similar architecture but cannot centralize in one of the big three providers.
Oracle is looking to embrace multi-cloud. Too many enterprises are already in at least one cloud provider. By embracing and integrating with different cloud providers, Oracle hopes to capture a share of the business from the big three providers.
Oracle has made several multi-cloud investments over the last few years:
- OCI Azure Interconnect leverages OCI’s FastConnect and Azure’s ExpressRoute services to link your OCI virtual cloud network (VCN) to your Azure Virtual Network (VNet). It is available in 12 regions and offers 2ms latency.
- Oracle Database Service for Azure came out this past summer and allows Azure customers to provision and attach Oracle databases to their Azure VNet. To make the Oracle experience seamless for customers, Oracle logging & telemetry show up natively in the Azure console.
- Recently, Oracle made their MySQL HeatWave available natively inside AWS. At Oracle CloudWorld, they announced MySQL HeatWave for Azure with the same experience as Oracle Database Service for Azure.
The most intriguing aspect of the entire OCI keynote was when Sudha Raghavan, VP of Trust, Observability & Privacy, was invited on stage to demo the OCI integration with AWS.
Sudha demonstrated a fictional company already based in AWS that wanted to expand into OCI. Leveraging IAM access keys (yup, long-lived static credentials, security finding #1), she was able to link the company’s AWS account into their Oracle Cloud tenant. The company’s AWS resources were then visible in the Oracle console.
And with a few clicks, she integrated the AWS RDS database into their OCI Virtual Cloud Network (VCN). She then demonstrated copying and converting an AWS AMI into OCI, and launched it in the Oracle VCN with direct network access to the resources in the AWS VPC.
Clay then made the bold statement that there were no data transfer fees. That claim is suspect because AWS charges for Direct Connect (DX) egress and VPC PrivateLink egress.
Regardless, the combination of existing applications using best-of-breed services in AWS, and specific sovereign-cloud applications in OCI, gives Oracle a pathway into the enterprise market. The capabilities shown in the demo aren’t featured on Oracle’s website, nor did Clay announce a date when they would be available to customers.
Security practitioners should take note of these developments. Oracle is making its entire cloud service portfolio available to run on-prem. They’re allowing third parties to white-label and extend OCI with potentially different security considerations. And the blurring of the lines between cloud provider A, provider B, and the customer will impact how we all think about shared responsibility.
What’s clear from Oracle CloudWorld is that Oracle is embracing its position among the cloud providers while leaning into its area of expertise: database and enterprise applications. As a cloud architect, I can build an entire consumer application on AWS, leveraging AWS’s best-of-breed serverless technologies while running my enterprise back-office in OCI. I get a seamless, low-latency experience, and can comply with whatever government mandates exist around data sovereignty and government access in the markets I serve. This makes Oracle a contender in the enterprise cloud space.
If you or your organization is thinking about Oracle Cloud, Steampipe can help. Not only do we have a security & compliance dashboard, there are also reports and dashboards for cost savings and insights on resource configurations. And with the OCI Plugin for Steampipe, you can build your own governance around your OCI footprint.